Deploying Suse Linux Enterprise Server
 |
Purchase "Deploying Suse Linux Enterprise Server" at Lulu.com |
Configuring the NFS Server
Setting Up the NFS Server
The first steps to configure an NFS Server is to get a handle on file/directory permissions and setup the directories you wish to export. I know I already have an entire chapter on Unix permissions, but it is important to give a good example of how I usually setup exported directories.
For instance, normally I usually only export 2 directories out of most servers, the /home directory and a directory that I keep most of the network files in, which is usually /srv/exports. For this example I am going to focus on configuring a /srv/exports directory as a good foundation for all the network files/directories.
Note - With the latest versions of the Samba server and the Linux Kernel, you can share the same directories through each service without having to worry about file locks, etc. These services will take care of all this for you.
So, what you want to do is decide what directories you wish to create within the /srv/exports folder, then set appropriate permissions on these directories. Also for each directory I create, I usually create a similar Samba Share that points to that directory. This allows your users to access these files from either GNU/Linux workstations or Microsoft Windows workstations. For this example, I am going to create 3 directories: office, teachers and schoolwide to give you an idea of how I usually set permissions - also note that I will use the groups "office", "teachers" and "students" to control access to these directories.
mkdir /srv/exports mkdir /srv/exports/office mkdir /srv/exports/teachers mkdir /srv/exports/schoolwide chmod 3770 /srv/exports/* chgrp office /srv/exports/office chgrp teachers /srv/exports/teachers chgrp students /srv/exports/schoolwide
The important command is the "chmod 3770" command, this ensures that any file or directory written within that directory is "Group Owned" by the owner of the parent directory. This allows any user that is a member of that group the ability to read/write any file within that directory regardless of the users "Default Group". This command also ensures that only the owner of the file can actually delete the file (even though any member of the group can read/write to the file).
So, in the above example, access to these directories are limited to only the users that are members of the respective group. For instance, only users that are members of the "teachers" group can access the "teachers". This provides an easy way to share files while still maintaining some type of control to who can access which files.
Configuring the NFS Server and Adding Directories to Export
Once you configure your directories, you can now "export" these directories so that other workstations can mount them. To do this open the Yast NFS Server module.
The Yast NFS Server module is seperated into two pages, the first page allows you to configure how the server handles the NFS requests. Here you can enable NFSv4 support and GSS Security if needed. Again, this document does not show you how to utilize Kerberos (as this subject is well beyond the scope of this document), so if you are simply following this guide do not enable these options. The second page allows you to configure the directories you wish to export and what options these exports have.
To include a directory to export, simply click on the "Add Directory" button and enter the location of the directory. In this case you add "/srv/exports". Then you are presented with a dialog asking for the "Host Wild Card" and "Options" for that specific Host Wild Card. Each export can have multiple "Host Wild Card" entries.
Host Wild Card - This is where you specify which hosts are able to mount your exported directory. This is usually listed as IP Addresses, Domain Names, NIS Groups or simple "*" for all access is allowed. For example:
192.168.1.0/24 *.private.lan @groupname
Options - Here is where you specify various options to use for each of the Hosts listed. For instance, you can specify "rw" for Read/Write or "ro" for Read Only. Normal defaults for most shares should be similar to "rw,sync,root_squash". Other options are listed in the Man Page for exports (man exports).
Occasionally, you do want to configure some exports differently to accomplish different tasks. For instance, you may want to provide NFS access to a FTP or HTTP directory on your server. There might even be times that you may want anyone that accesses certain exports to have the same User ID or Group ID to allow for extremely easy file sharing without having to maintain the same UID or GIDs on every client. Here are a few examples showing this.
Directory Host WC Options /srv/ftp * ro,insecure,all_squash /srv/worldwritable * rw,all_squash,anonuid=1001,anongid=1002
|
Purchase "Deploying Suse Linux Enterprise Server" at Lulu.com |
